Ask Your Question
0

Windows: Named service user for puppet agent

asked 2015-08-04 14:18:15 -0500

helge gravatar image

updated 2015-08-04 14:20:47 -0500

Hello,

I am trying to get puppet agent service to work in windows. Using LocalSystem as account user works; but I need puppet agent service to be run under a named account for our windows AD.

I used the installer to specify the Domain Account name; the installer grants Logon as service rights and adds the user to the local BUILTIN\Administrators group - so far so good.

However, the agent is always run with non elevated privileges it seems; it tries to create the directory $::system32/.puppet and does not have the permissions to do so.

Question: How do I best run Puppet Agent as service when I need network drive permissions for many of my manifests?

Versions:

  • Windows 6.3 (2012r2 / 8.1)
  • OS Puppet 3.8.1
edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2015-08-05 03:19:41 -0500

GlennSarti gravatar image

Have you tried a few tests to ensure that it really is UAC that's blocking you?

  1. Logon as the service account locally. Open a NON-ADMIN command prompt and do a Puppet apply (noop) (Should Fail)
  2. Logon as the service account locally. Open an ADMIN command prompt and do a Puppet apply (noop) (Should work)

If it is UAC you could create a Group Policy Object (or possibly even a local GPO) with the UAC settings set to 'No Prompt' and try it. I personally haven't tried this but may work.

Good luck!

Glenn.

edit flag offensive delete link more

Comments

Thanks Glenn, I tried this prior to posting here and even with an admin shell it puppet runs unprivileged. However, using the defauld domain admin accound sems to work for some reason; though my puppet account is dom admin, too. I'll stick with this for now and report back later

helge gravatar imagehelge ( 2015-08-06 09:10:29 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2015-08-04 14:18:15 -0500

Seen: 170 times

Last updated: Aug 05 '15